A puzzling virus

Thread: A puzzling virus

  1. #1
    Junior Member
    Join Date
    May 2004
    Posts
    28

    A puzzling virus

    My friend has gotten what he believes is a virus on his computer. He said he was downloading a file off of Shareaza (like Kazaa, but supposedly more secure....yeah right) and the XP SP2 virus detection program thing instantly detected the Krepper worm. He ran AVG, and it detected it, but it couldn't remove it. He then found a removal tool online, he ran it, then it told him to restart. He did, and now he can't log in at all. When he tries logging in, it will get so far as "loading personal settings" then blink and start logging off. He has tried hitting F8 and going into safe mode as well. We would much appreciate it if anyone has any good info to help us. I have been researching it through Google, and I feel I have a decent understanding of the Krepper worm, and have taken precautions from letting it propagate to my other friend's computer on the network, but we are still stumped as to how to get into his computer and remove it. Thanks for any help.
    Don't mistake lack of talent for genius.

  2. #2
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    A quick and dirty answer is, if the box is continually rebooting at the login screen the chances are that the registry has been damaged somehow. This is fairly easy to fix using your XP disk and the recovery console. Unfortunately I have not got the details to hand at the moment.

    One of the other members here may have. I'll check back later and if a fix is not available I will dig around to see if I can find one for you.

    Jinxy
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    He then found a removal tool online, he ran it, then it told him to restart
    Yes............which tool.............from where?............I guess there is one born every minute? I would like that information though.......

    The obvious solution is to format and re-install.

    Please do not expect the RIAA or MPAA to play by rules other than of their own making.

    I guess that line above is one of those "satanic verses" that get inserted into good guys posts?

    As he cannot boot, he has a problem to start with?..............sure there are solutions, but how important is his data?..............I can give a recovery option, possibly, but it will be a bit long winded, so I would like to know what the requirements are first.

    cheers

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    To use the recovery console to restore a damaged registry read this:

    http://support.microsoft.com/kb/307545
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Junior Member
    Join Date
    May 2004
    Posts
    28
    Alright, umm, just a few things. It doesn't "reboot", it just logs off back to the login screen. Also, he doesn't remember the tool, sorry. So, this recovery console thing sounds like our best option. I guess we are gonna try it. Thanks guys.
    Don't mistake lack of talent for genius.

  6. #6
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Had this a few weeks ago.. WSUpdate is the malware involved, do a google on that..

    there is a renamed system file .. There is another thread in the SPYWARE/ADWARE forum on this one.. go there and have a look..

    you will need the WinXP CD.. and you will find yourself using the recovery console..
    You will be renaming a file and the registry will need to be edited..
    DON'T do a warm install (install over).. you will most likely F##k the installation and lock out the user's files...

    BTW:
    XP SP2 virus detection program thing
    what sp2 Virus detection thing..???
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  7. #7
    Junior Member
    Join Date
    May 2004
    Posts
    28
    Service Pack 2 comes with a virus detection thing. Looking up that post in the spy/ad section now. Thanks for the post undertaker, cuz we were just about to install over it.
    Don't mistake lack of talent for genius.

  8. #8
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Originally posted here by Cpt. Commander
    Service Pack 2 comes with a virus detection thing.
    Not that I am aware of. SP2 comes with antivirus program detection. If you don't have an antivirus program installed or have one that is out of date it will prompt you to take care of it, but it doesn't have any kind of built in virus protections.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  9. #9
    IT Specialist Ghost_25inf's Avatar
    Join Date
    Sep 2001
    Location
    Michigan
    Posts
    648
    Here's what you can do.

    1.) Pull the hard drive
    2.) Attach it to another computer as a slave drive
    3.) Run AV software to detect and remove the virus
    4.) Reinstall the hard drive and remove all backups of XP on the PC
    5.) Don't use any more peer to peer sites (free always comes with a price)!

    Also, Recovery Console may not work because the virus might have infected the registry and any last good boot will also be infected. But what I posted up above has worked for me and it should work for you also.
    S25vd2xlZGdlIGlzIHBvd2VyIQ

  10. #10
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    Read this thread.. links to various discussions are covered in there:

    http://www.antionline.com/showthread...hreadid=262034

    The second post has the info..... but read the story first..

    I am thankful that I post these little encounters from time to time..

    good history resource..


    cheers
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
